🗝️ Secret Key Generator

Instantly generate cryptographically secure random keys for encryption, tokens, and API secrets — 100% local, powered by your browser's Web Crypto API.

About

This tool uses the browser's built-in Web Crypto API (crypto.getRandomValues) to generate cryptographically secure random keys. The generator is a CSPRNG seeded from operating-system entropy, the same source that operating systems and security libraries rely on. You can choose 128-bit, 256-bit, or 512-bit key lengths and encode the output as hexadecimal, standard base64, or URL-safe base64. Generate a single key or produce many at once for bulk use cases like seeding environment variables or testing. Because everything runs entirely in your browser, no data is ever sent anywhere, and your keys stay private.

How to use

  1. Select a key length: 128-bit for lightweight use, 256-bit for standard security, or 512-bit for maximum strength.
  2. Choose an output format: hexadecimal for readability, base64 for compact binary encoding, or URL-safe base64 for use in URLs and tokens.
  3. Set the quantity if you need multiple keys at once — useful for batch provisioning of secrets.
  4. Click Generate. Your keys appear instantly, derived from the Web Crypto API's cryptographically secure random number generator.
  5. Click Copy next to any key to copy it to your clipboard, then paste it directly into your app, config file, or environment variable.
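
The steps above can be reproduced and checked in a few lines of JavaScript. This is an added example, not the tool's own source: the function names are hypothetical, and stripping the `=` padding from URL-safe base64 is an assumption, since the page does not say what the tool does.

```javascript
// Added example, not the tool's source; all function names are hypothetical.
// Fallback so the snippet also runs on older Node.js without a global `crypto`.
const webCrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const ALLOWED_BITS = [128, 256, 512]; // key lengths the page offers

function randomKeyBytes(bits) {
  if (!ALLOWED_BITS.includes(bits)) throw new RangeError(`unsupported key length: ${bits}`);
  // getRandomValues fills the typed array in place from the platform CSPRNG.
  return webCrypto.getRandomValues(new Uint8Array(bits / 8));
}

function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

function toBase64(bytes) {
  // btoa takes a "binary string": one character per byte.
  return btoa(String.fromCharCode(...bytes));
}

function toBase64Url(bytes) {
  // Swap + and / for - and _. Dropping "=" padding is an assumption here:
  // the page does not say whether the tool keeps it.
  return toBase64(bytes).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function fromBase64Url(text) {
  // Reverse the alphabet swap and restore padding before decoding.
  const b64 = text.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

const ENCODERS = new Map([["hex", toHex], ["base64", toBase64], ["base64url", toBase64Url]]);

function generateKeys(bits, format, quantity = 1) {
  const encode = ENCODERS.get(format);
  if (!encode) throw new RangeError(`unsupported format: ${format}`);
  // One getRandomValues call per key, so every key is drawn independently.
  return Array.from({ length: quantity }, () => encode(randomKeyBytes(bits)));
}

// Constructed usage: three 256-bit keys for a batch of environment variables.
console.log(generateKeys(256, "base64url", 3));
```

The encoding changes only the representation: a 256-bit key is 64 hex characters, 44 characters of padded base64, or 43 characters of unpadded URL-safe base64, and all three carry the same 32 random bytes.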

FAQ

Is this key generator truly random and secure?
Yes. It uses the Web Crypto API's crypto.getRandomValues, which is a cryptographically secure pseudorandom number generator (CSPRNG) seeded by OS-level entropy. It is suitable for generating encryption keys, tokens, and secrets.

Does this tool send my keys to a server?
No. All key generation happens entirely in your browser. No data is ever transmitted — your secrets never leave your device.

Which key length should I use?
256-bit is the most widely recommended for modern applications (AES-256, JWT secrets, API keys). Use 128-bit for lightweight tokens and 512-bit when you need extra headroom or hashing inputs.

What is the difference between base64 and URL-safe base64?
Standard base64 uses + and / characters that must be percent-encoded in URLs. URL-safe base64 replaces those with - and _ so the key can be embedded in URLs, query strings, and HTTP headers without additional encoding.

Can I generate multiple keys at once?
Yes. Use the quantity setting to generate several keys in one click. This is handy when you need to seed multiple services, test configurations, or provision rotating secrets.